The macOS system must not allow an unattended or automatic logon to the system.

STIG ID: APPL-13-002066  |  SRG: SRG-OS-000480-GPOS-00229 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-257221

Vulnerability Discussion

Failure to restrict system access to authenticated users negatively impacts operating system security.

Check

Verify the macOS system is configured to not allow automatic logon with the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep "DisableAutoLoginClient"

"com.apple.login.mcx.DisableAutoLoginClient" = 1;

If "com.apple.login.mcx.DisableAutoLoginClient" is not set to "1", this is a finding.

Fix

Configure the macOS system to not allow automatic login by installing the "Login Window Policy" configuration profile.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.